Cyber Risk Continues to Grow

Following the news about data breaches like those experienced at Premera Blue Cross, Target and Yahoo is important to me, both as a consumer and as an insurance professional. I previously wrote a blog entitled Cyber Risk at the ERM Symposium which discussed two presentations from that meeting. I have since joined the Casualty Actuarial Society (CAS) Cyber Risk Task Force and authored Cybersecurity and the Insurance Market. This essay was recently published in the Casualty Actuarial Society, Society of Actuaries and Canadian Institute of Actuaries Joint Risk Management Section eBook, Cybersecurity: Impact on Insurance Business and Operations. Last month I attended two additional cyber risk presentations.

Clare Computer Systems presented Preventing Ransomware Attacks. Ransomware is used by hackers to encrypt your computer files and/or system and demand a ransom to return their access. A local ransomware attack recently occurred at San Francisco’s Municipal Transportation Agency (MUNI). Instead of paying the ransom, MUNI chose to restore their computer system and allowed passengers to ride for free during the restoration. According to the presenters, they respond to clients’ ransomware attacks weekly and expect a continued increase in these incidents. They also reported that cyberattacks on small- to medium-sized businesses are at an all-time high.

Of course up-to-date anti-virus software and firewall implementation are crucial in reducing exposure to cyberattacks, but much of this presentation was focused on employee education. Phishing emails attempt to lure users into clicking on a link, downloading a file or entering their user ID and password. Many of these attempts work because the phishers use social engineering to make users react without thinking. Be wary of emails that look official, have a sense of urgency and scare you into reacting.

I also attended Advisen’s webinar, Cyber Insurance Underwriting: What do CISOs think?, with panelists from Symantec and Aite Group. The presenters had reviewed cyber liability questions in publicly-filed underwriting forms. Chief Information Security Officers (CISOs) who reviewed these questions had several concerns:

Too many questions are being asked

Responses would be difficult to verify

Responses would be difficult to evaluate

Insurance companies need better tools to effectively underwrite cyber liability risk, including data-driven approaches for underwriting using publicly-available data. The CAS Cyber Risk Task Force is an excellent place from which to start finding ways to help insurance companies manage this growing risk, both as potential victims and as insurers.

Laura Maxwell is a Consulting Actuary with Pinnacle Actuarial Resources, Inc. in the San Francisco, California office. She has over 25 years of actuarial experience in the property/casualty insurance industry and has provided consulting services since 2003. Laura is a Fellow of the Casualty Actuarial Society and a Member of the American Academy of Actuaries. She currently serves the Casualty Actuarial Society as a member of the Examination Committee and Chair of the Webinar Committee.